The Solution Crowd

kippy - performance management ... made simple

kippy is a flexible strategy and performance management system, hosted in the cloud. The service offered includes configuration of the system to suit the specific business needs of your organisation.

Features

• Track KPIs and Projects by objective - at various frequencies.
• Cascade strategy with real-time org-wide drill-down reporting.
• One-click Cloud deploy. Self-service set up, customisation, management, governance
• Approval workflows, automated change freezes and exemptions
• Self-managed role-based user management. Every action audited.
• Voice-controlled Virtual Assistant, chat with colleagues, pre-integrated to Slack
• Analyze trends, bulk import, Live chat support.
• Secure RESTFUL JSON APIs to integrate with your systems
• Secure, encrypted, audited, backed-up, highly available. Export on demand.
• Mobile responsive. Cross-browser. Cross-device.

Benefits

• One-stop view of your entire organisation.
• Executive dashboards ready to present live views for board-level reviews
• Track KPIs and Projects by objectives – vertically and horizontally
• ​Check waste vs value - at the right frequency
• ​Drive strategy down to every team
• Get started with one-click for your very own instance
• Self set-up Kippy with your performance strategy
• ​Data integrity at all-levels, enforced by default
• Easy to use, intuitive to learn. No training required
• ​Free trial and monthly pricing. Go-live within a week.

£7.33 a user

• Education pricing available
• Free trial available

Service documents

• Pricing document (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)

Framework

G-Cloud 12

Service ID

885878649979278

Contact

nauman khan
07969453723
hi@thesolutioncrowd.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements: Google Chrome or IE11+ web browser with Javascript enabled

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Severity 1 1 hour; Severity 2 8 hours; Severity 3 48 hours; ; Monday to Friday. 9am to 5pm.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: WCAG 2.0 AA
• Web chat accessibility testing: Web chat provided by 3rd party.
• Onsite support: Yes, at extra cost
• Support levels: A technical account manager is provided. ; ; All plans include LIVE CHAT support - which allows you to talk directly to a real person, directly from a pop-up window whilst using Kippy.; ​; Free users will be directed to the extensive how-to-videos and online user guides.; ​; Professional Plan users will be able to ask questions on how to use the various Kippy features via the online chat.; ; Enterprise Plan users will also be able to use our dedicated resource to get set up, import existing KPI data and access to our network of consultancy partners to help your end-to-end performance management objectives.; ; Enterprise Support Plan costs 10,000 (GBP) per annum
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Kippy is an intuitive product which can be self-learned. There is extensive user documentation on the website in the form of manuals, faqs, how to and getting started videos. ; ; Online training is provided once a month for new users. On-site training is available.; ; A technical integrator is provided to help configure the system initially with your existing data, ; ; A network of partners pre-trained in the kippy methodology is also available to help identify your objectives, kpis and project milestones - and upload them into kippy.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: All the users data is available to the user via the web APIs at any time. ; ; All kippy data is regularly backed up. However, users are also encouraged to take extracts of their data for backups or local integrations as often as they choose.
• End-of-contract process: If you wish to terminate your contract, there are no additional costs. A data export is made available free of charge, and all data is then removed from our systems.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Kippy is mobile responsive and is fully functional on mobile phones and tablets. However, the interface is primarily intended to be used on desktops and laptops.
• Service interface: Yes
• Description of service interface: The service interface is part of the application but only available to users with the appropriate role. ; ; The interface allows the user to self-serve any maintenance activities - including adding, renaming, deleting, moving all data objects. ; ; All activities are fully audited and follow governance rules to ensure system integrity. ; ; The service interface is only available to the appropriate system user, who can ; - view the audit log to be viewed; - bulk import existing KPI data ; - delete users from the system
• Accessibility standards: None or don’t know
• Description of accessibility: The service interface is part of the rest of the kippy application and behaves the same way.
• Accessibility testing: Tested with JAWS screen reader and Pa11y.
• API: Yes
• What users can and can't do using the API: Appropriate users can interact with kippy using the secure REST/JSON APIs.; ; The service can also be set up by uploading existing information in bulk.; ; Performance data can be updated via the APIs to allow integration with in-house systems. ; ; ALL user-entered data and calculated performance scores can be retrieved via the APIs.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Kippy takes an opinionated view of strategy and performance management, based on a mature and proven methodology to simplify implementations and ensure success. ; ; Within this structure, the system is almost entirely customizable so the user can define:; - teams to model their org structure; - mission, vision, values, perspectives, objectives, kpis, project and milestones; - users, their roles and access permissions per team; - communities of interests to collaborate on cross-cutting groups of KPIs; - change freezes and exemption windows for KPI submissions; - board colours, logos, avatars, etc. ; ; The service is fully customisable by the user with the appropriate role using just the user interface.

Scaling

• Independence of resources: Kippy is designed to ensure there is practically no impact across users because:; - most complex operations are done in the client's browser and not on the kippy servers. ; - sophisticated caching refreshes in low-priority background jobs; - sophisticated auto scaling-up of under-lying resource to over 1000 times typical load (which auto scales-down to reduce cost)

Analytics

• Service usage metrics: Yes
• Metrics types: Registered users; User logins; KPIs and Projects created; Scores Submitted
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can call kippy's secure web APIs (with the appropriate authentication credentials) to extract all their current and historical data in JSON format.
• Data export formats: Other
• Other data export formats: JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • MS Excel template to collect and bulk upload existing info.
  • Updates can be submitted using RESTFUL/JSON web API calls

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Severity 1 Production system is down, impacting ability to log in to application or view any pre-populated data. ; Severity 2 Production system is degraded, but operational. Issue affects essential functions such as some dashboards and/or reports; ability to submit new scores to existing KPI and Project definitions. ; Severity 3 Product system performance is degraded to become erroneous or unusable. Issue affects non-essential functions such as changes to KPI and Project definitions and forecasts. Admin functions – including Maintenance of Users, Teams, Perspectives, Objectives, KPIs, Projects, Milestones, Unlocking plans and actuals and all Slack features. Some data or scoring is missing or erroneous. General product questions relating to feature issues, integration or documentation.; ; Description Resolution Time Measure; Severity 1 12 hours 100%; Severity 2 24 hours 95%; within 48 hours 100%; Severity 3 48 hours 90%; within 1 week 100%; ; Annual licenses are refunded pro-rata on request.
• Approach to resilience: Multi-availability zone replication; Auto-scaling; Automated testing; Canary releases ; Production Monitoring; ; More details available on request.
• Outage reporting: Public status page

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: There are two options available for authentication a) "Username and password" and/or b) "via integration to Slack".; ; Using authentication via Slack, users are able to leverage all Slack login features including 2-factor authentication and identity federation.; ; As system owner, you can decide and self-service the authentication mechanism appropriate for your needs. ; ; All communication is via TLS.
• Access restrictions in management interfaces and support channels: Role-based access restricts management interface access.; This is further controlled hierarchically by Team in your organisation. ; Only your user that initialises the kippy instance (with the 'system owner' role), can request certain restricted commercial features from support e.g. billing, leaving, retrieving backups, etc.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Security governance has been designed and is executed from the ground up at all layers. This follows best practices from our Architecture team based on decades of experience architecting and developing large business critical national and global systems.; ; We are happy to attain formal ISO/IEC accreditations when/if they are requested.
• Information security policies and processes: A primary tenant of our offering is that "We will not share you information with anyone ... ever". All data and access controls for your data are for you to self-manage. Therefore, we can avoid ever needing to interfere with your own security policies. ; ; We are happy to attain formal ISO/IEC accreditations when/if required.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All configuration is managed with Infrastructure as code (IaaC) principles.; All code is managed in a private GitHub repository.; All changes are reviewed with a formal Architecture design process with formal design documents.; All builds and releases are tracked in the CI/CD pipelines.; All releases are security and vulnerability scanned.; Change management processes ensure all releases are a) released outside of business hours b) tested in a Stage production-like environment and c) canary-released before full roll out.; API iteration is tracked through semantic versioning.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Each release is scanned using Google Cloud Web Security Scanner.; Security fixes are given highest priority by the in-house development team. ; Patches can be deployed via the CI/CD pipelines within a minute.; CVE & NVD databases.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Automated alerts and daily manual monitoring. ; Immediate response - security is a fundamental tenant of the offering.
• Incident management type: Supplier-defined controls
• Incident management approach: Users can raise incidents via support directly from the app, or via email. ; Processes for common incidents identified via ITIL problem management methodologies.; ; Description Resolution Time Measure; Provision of a Root Cause Analysis (RCA) report for Severity 1 incidents within 5 days 90%; within 8 hours 100%; A documented Incident Report to be submitted to the Authority for Severity 1 Incidents within 5 days of incident resolution 100%

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £7.33 a user
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: All features are included in the free version - no time limit.; Free tier users can contact kippy support - SLAs not guaranteed for Free users - online resources available for all.; Users can initially register for Free version and upgrade when Support needed.
• Link to free trial: http://kippy.cloud/

Service documents

• Pricing document (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)